This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Stack protector: leak of guard's address on stack


* Maxim Kuvyrkov:

>> On Apr 28, 2018, at 9:22 PM, Florian Weimer <fw@deneb.enyo.de> wrote:
>> 
>> * Thomas Preudhomme:
>> 
>>> Yes absolutely, CSE needs to be avoided. I made memory access volatile
>>> because the change was easier to do. Also on Arm Thumb-1 computing the
>>> guard's address itself takes several loads so had to modify some more
>>> patterns. Anyway, regardless of the proper fix, do you have any objection
>>> to raising a CVE for that issue?
>> 
>> Please file a bug in Bugzilla first and use that in the submission to
>> MITRE.
>
> Thomas filed https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434 couple
> of weeks ago.

Is there a generic way to find other affected targets?

If we only plan to fix 32-bit Arm, we should make the CVE identifier
specific to that, to avoid confusion.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]